HCIE Routing&Switching Lab Exam Discussion - Network Cutover

Latest reply: Nov 21, 2021 13:24:23

Hello everyone,

The new HCIE Routing&Switching exam changed interviews to discussion questions. Next, I'm going to introduce you to some discussion questions. This post will introduce the network cutover problem.

Title

An enterprise plans to purchase two Huawei devices to replace Cisco devices. Answer the following questions:

1. How to ensure service stability as much as possible during equipment replacement? Please provide a solution.

2. If two Huawei devices need to be virtualized, what are the methods and precautions?



How to ensure service stability as much as possible during equipment replacement? Please provide a solution

1. Analyze the live network topology and plan the live network topology (link type, cost, interconnection IP address, and interconnection interface). Analyze the routing protocols, data flows, and traffic models of the live network, collect the inbound and outbound traffic information of related interfaces, back up the configurations of the live network devices, and analyze the hardware boards.


2. Device and version risks (Analyze risks in device performance, specifications, version features, and countermeasures)


3. Perform risk analysis and countermeasures for major operations, verify and review the cutover solution, roll back the solution, and implement the cutover if authorized by the owner.


4. The service interruption duration analysis shows that the cutover is completed twice. Therefore, services will be interrupted for a period of time. If the cutover is successful, the service interruption duration does not exceed xx.

During the first cutover, if permitted, connect Huawei devices to the live network and divert service traffic to Huawei devices. If an exception occurs during the cutover, start the rollback mechanism immediately. The maximum service interruption time is xx minutes. The time includes the time required for normal cutover, fault identification, and routing protocol convergence.


In the second cutover, replace the Cisco device with another Huawei device and share service traffic between the two Huawei devices as required. If an exception occurs during the cutover, implement the rollback mechanism to ensure that the service interruption duration does not exceed xx minutes. The time includes the time required for normal cutover, fault identification, and routing protocol convergence.


Appendix: Preparations before the Cutover

1. Operation application

2. Implementation review

3. Link and transmission

4. Hardware, software, and auxiliary materials

5. Preparing for Device Software Configuration

6. Power on new devices and test their functions.

7. Account, password, and remote login mode

8. Data backup and traffic collection

9. (Optional) Sealing the Net

10. Service status

11. Operation test

12. Rollback Solution

 

If two Huawei devices need to be virtualized, what are the methods and precautions?

Two devices need to be virtualized. The common methods are as follows, which are applicable to different enterprise network scenarios.

1. VRRP is the gateway virtualization technology. VRRP and MSTP are deployed at the aggregation layer of the campus network.

2. System-level virtualization technologies CSS and CSS2 are deployed at the aggregation layer and core layer of the campus network, and no VRRP architecture is deployed.

3. M-LAG, a process-level virtualization technology, is commonly used in data center networks to implement dual-homing of switches and servers.


VRRP

VRRP combines two or more devices to form a virtual routing device and uses the IP address of the virtual routing device as the user gateway to communicate with the external network. When a gateway fails, the VRRP mechanism selects a new gateway to take over data traffic, ensuring network communication.

Notice:

1. VRRP master/backup switchover takes a long time (seconds). BFD needs to be associated to accelerate convergence.

2. The control plane of the master and backup devices is independently deployed. As a result, the incoming and outgoing paths of the end routes may be inconsistent.

3. The master device must be the same as the MSTP root bridge device to prevent upstream and downstream traffic from detouring, resulting in poor traffic paths.

 

CSS and CSS2

Cluster switching system, generally used for modular switches (S7700, S7900, S9700, S12700, CE12800, CE16800).

Two physical machines are aggregated into a logical switch through CSS to provide more slots for business access. The uplink redundant links of the original downlink switch are interconnected with the CSS system through link aggregation (Eth-Trunk) to avoid congestion. Redundant links provide cross-device link load sharing, improve link bandwidth utilization, and simplify the network structure without complicated MSTP configuration. CSS also allows centralized management and maintenance of the switches, reducing the user's deployment and maintenance costs.

Cluster card stacking and business card stacking are supported, as well as the switchboard hardware cluster CSS2, where CSS2 provides the industry's lowest inter-frame forwarding delay.

When the switches in the CSS are started, they compete to form a master/backup relationship. The main switch is responsible for managing the entire cluster, and there is only one main switch in the cluster. When the master switch fails, the backup switch takes over all the services of the original master switch, and there is only one backup switch in the CSS. The switches in the stacking system uniformly use the software version and configuration files of the main switch to form a unified control plane, which logically constitutes a single switch.

Notice:

1. When using CSS, have a corresponding cutover plan for device version updates and system patch upgrades.

2. As far as possible, each member device has an uplink port connected to different member devices of the CSS, so that when any device fails, the upstream traffic will not be affected.

3. When devices are stacked, it is recommended that the stacking bandwidth between the two devices is the same, otherwise, the bandwidth of the stacking system is equal to the smallest stacking bandwidth in the system.

4. When the stack system is connected to other network devices, it is recommended to use an Eth-Trunk interface for the connection, and each member switch of the CSS can have a port added to the Eth-Trunk.

5. It is recommended to enable the local priority forwarding function, and the stacking line deployment should consider the problem of stacking board failure.

6. When the stacking link fails, a dual-master situation will occur. The dual-master detection mechanism needs to be deployed.

 

M-LAG 

M-LAG (Multichassis Link Aggregation Group) is a cross-device link aggregation group, that is, a mechanism to realize cross-device link aggregation. By performing cross-device link aggregation with two other devices, the link reliability is upgraded from the single-board level to the equipment level, forming a dual-active system.

In order to ensure reliability, the switch needs to consider the redundant backup of the link when accessing the network, which can be achieved by deploying a ring-breaking protocol such as MSTP, but it wastes bandwidth resources.

In order to achieve redundant backup and improve link utilization, M-LAG is deployed between two Huawei switches to realize dual-homing access of switches or servers. The two switches form load sharing and perform traffic forwarding together. When one device fails, the traffic can be quickly switched to another device to ensure the normal operation of the business.

Notice:

1. The types of the two devices that make up the M-LAG must be the same. It is recommended that the models and versions of the two devices are the same.

2. The two devices forming M-LAG need to be configured with root bridge and bridge ID or V-STP, which is externally reflected as a device for STP protocol calculation, otherwise there may be a risk of a loop.

3. When configuring M-LAG based on the root bridge method, the bridge IDs of the two devices that make up the M-LAG must be configured with the same bridge ID, and the root priority must be configured as the highest to ensure that the two devices of the M-LAG are the root nodes. In the scenario where M-LAG is configured based on the root bridge mode, STP multi-process is not supported.

4. Peer-link failures are all dual-master conflicts, and DAD Link needs to be deployed to solve the dual-master conflicts.


That is all I want to share with you! Thank you!
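The cutover steps above rely on a saved baseline (data backup and traffic collection) and on a rollback that still fits inside the maximum interruption time. The following sketch is an added example, not part of the original post: it compares a pre-cutover baseline with a post-cutover snapshot and decides whether to proceed, wait for convergence, or roll back. All field names, addresses, thresholds, and timings are constructed assumptions standing in for the post's "xx" values.

```python
# Added example: baseline comparison and rollback decision for a cutover.
# All device data, names and timings below are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Snapshot:
    routes: dict     # prefix -> next hop
    neighbors: dict  # peer router ID -> adjacency state
    traffic: dict    # logical link name -> inbound bits per second
                     # (logical names, because interface names differ per vendor)

def find_exceptions(before, after, min_traffic_ratio=0.5):
    """Return human-readable deviations of `after` from the baseline `before`."""
    problems = []
    for prefix in sorted(before.routes.keys() - after.routes.keys()):
        problems.append(f"route missing: {prefix}")
    for peer, state in sorted(before.neighbors.items()):
        if after.neighbors.get(peer) != state:
            problems.append(f"neighbor {peer}: {state} -> {after.neighbors.get(peer, 'absent')}")
    for link, bps in sorted(before.traffic.items()):
        now = after.traffic.get(link, 0)
        if bps > 0 and now / bps < min_traffic_ratio:
            problems.append(f"traffic on {link} fell to {now / bps:.0%} of baseline")
    return problems

def decide(problems, elapsed_s, convergence_s, budget_s, rollback_s):
    """Return 'proceed', 'wait' or 'rollback' for the current cutover state."""
    if not problems:
        return "proceed"
    # Tolerate deviations only while routing may still be converging and a
    # rollback started afterwards would still end inside the interruption budget.
    if elapsed_s < convergence_s and elapsed_s + rollback_s < budget_s:
        return "wait"
    return "rollback"

BASELINE = Snapshot(
    routes={"10.1.0.0/16": "10.0.12.2", "10.2.0.0/16": "10.0.12.2", "0.0.0.0/0": "10.0.13.3"},
    neighbors={"2.2.2.2": "Full", "3.3.3.3": "Full"},
    traffic={"uplink-1": 400_000_000, "downlink-1": 250_000_000},
)
AFTER = Snapshot(
    routes={"10.1.0.0/16": "10.0.12.2", "0.0.0.0/0": "10.0.13.3"},
    neighbors={"2.2.2.2": "Full", "3.3.3.3": "ExStart"},
    traffic={"uplink-1": 390_000_000, "downlink-1": 60_000_000},
)

if __name__ == "__main__":
    issues = find_exceptions(BASELINE, AFTER)
    print(issues, decide(issues, elapsed_s=200, convergence_s=120, budget_s=600, rollback_s=180))
```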

Are these questions from the exam?

Useful info

hemin88
Moderator Author Created Oct 2, 2021 07:59:43

Useful post and valuable information, many thanks for sharing

Great share

BAZ
MVE Author Created Oct 3, 2021 21:13:27

Great thanks

Learning together, every day!

AL_93
Moderator Created Oct 12, 2021 04:16:10

Solid Information! Thank you

Great post, keep up the good work!

Thanks for sharing, very useful information.
But I see the answer is very detailed and long. Is it OK to answer the discussion question like this, or should we make it short?
Also, how does it get validated? I mean, what factors should we concentrate on?
Thanks in advance

Great share